LLMs may be copying training data in everyday conversations with users!. In our latest work, we study how often this happens compared to humans. 👇🧵

RT @NKristina01_: We will present our spotlight paper on the 'jailbreak tax' tomorrow at ICML, it measures how useful jailbreak outputs are….

Imagine LLMs could tell you the future. But properly evaluating forecasts is incredibly tricky!. This paper contains so many interesting thoughts about all the things that can go wrong.

IMO it's very important to measure LLM utility in tasks that we actually want them to perform well on, not just hard sandbox tasks. This is an excellent benchmark that does exactly that!.

I'm also excited to present this paper about LLMs inadvertently leaking training data on Thursday afternoon (tomorrow!).

Just arrived in Singapore for this year's ICLR. Happy to chat about everything related to AI privacy/security and real-world impacts!.

RT @NKristina01_: Congrats, your jailbreak bypassed an LLM’s safety by making it pretend to be your grandma!.But did the model actually giv….

RT @edoardo_debe: 1/🔒Worried about giving your agent advanced capabilities due to prompt injection risks and rogue actions? Worry no more!….

RT @florian_tramer: I’ll be mentoring MATS for the first time this summer, together with @dpaleka! . Link below to apply.

What a joy it was to discuss research and sled down icy slopes with these people!.

I will always believe!.

RT @CSatETH: 🔎Can #AI models be “cured” after a cyber attack?.New research from @florian_tramer's Secure and Private AI Lab reveals that re….

RT @javirandor: Adversarial ML research is evolving, but not necessarily for the better. In our new paper, we argue that LLMs have made pro….

RT @niloofar_mire: I've been thinking about Privacy & LLMs work for 2025 - here are 5 research directions and some key papers on privacy/me….

I am in beautiful Vancouver for #NeurIPS2024 with those amazing folks!.Say hi if you want to chat about ML privacy and security.(or speciality ☕).

🔥 I'm thrilled that I'll be spending next year in the group of @florian_tramer at ETH Zurich, working on privacy and memorization in ML 🔥. (Not an announcement, just what I usually do. It's a great group full of amazing people, and I'm thrilled to work with them every day!).

Great people on that list!.PS: I'm on 🦋 too (aemai).

📖 Measuring Non-Adversarial Reproduction of Training Data in Large Language Models. ➡️ Full paper: ✏️ Blog post with interactive examples: Joint work with @javirandor, @edoardo_debe, Nicholas Carlini, @daphneipp, @florian_tramer.

We take human-written text as a reference, and compare to LLMs on the exact same tasks. Human-written text contains much fewer 50-character snippets from the internet compared to LLM generations!

This non-adversarial reproduction phenomenon is long-tailed. We identify several snippets of over 1,100 consecutive characters found verbatim online! Other generations consist almost exclusively of reproduced (shorter) snippets. See our blog post for some interactive examples!

This “non-adversarial reproduction” of online data depends strongly on the task. Answers to factual tasks contain more reproduced 50+ character snippets compared to creative writing.